
Searching for Sensitive Data
The unintentional disclosure of sensitive data (Social Security Numbers,
credit card or student information, etc.) can result in privacy risks to
individuals, and serious compliance, financial and reputational risks to the
University.
In addition to manually checking your systems for sensitive data on a regular
basis, you may wish to use an automated tool to help identify sensitive data on
machines that are your responsibility.
Identity Finder
The Office of Information Security currently recommends using Identity Finder.
It is strongly recommended that prior to installing and using Identity Finder you consult with your Local Support Provider and, if necessary or appropriate, obtain his/her assistance in running the program and interpreting results. Be aware that there will almost certainly be a number of "false positives", i.e., data that the program flags as sensitive which, upon inspection, turns out not to be so. Having experienced support staff to help you interpret scan results can alleviate a lot of unnecessary concern.
Penn makes Identity Finder available via site licensing at a nominal cost through the Office of Software Licensing. A link to the online order form is here.
Other Tools
Other universities have also developed sensitive data scanning tools.
Although they are not currently supported, they include:
http://www.cit.cornell.edu/computer/security/tools/
http://www.purdue.edu/securepurdue/services/scanningTools.cfm
https://source.its.utexas.edu/groups/its-iso/projects/senf/
Last updated: Wednesday, June 9, 2010